default value of security.bsd.hardlink_check_[ug]id
Ceri Davies
ceri at submonkey.net
Sun Dec 31 05:11:05 PST 2006
On Sat, Dec 30, 2006 at 09:08:42PM -0800, Colin Percival wrote:
> FreeBSD Architects,
>
> I'd like to make security.bsd.hardlink_check_[ug]id default to 1, starting
> with FreeBSD 7.x. This would make it impossible for a user to create a hard
> link to a file which he does not own.
>
> Any objections?
One here, on the grounds that:
a) you have provided no rationale;
b) that sysctl does not currently seem to be documented anywhere, so
changing its default value would violate POLA.
There is a longer answer in which I pine after Solaris' privileges(5)
again, or wonder if this can be implemented for "system" processes only
using the new priv(9) API instead.
Ceri
--
That must be wonderful! I don't understand it at all.
-- Moliere
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20061231/6f5cab50/attachment.pgp
More information about the freebsd-arch
mailing list